Date: Thu, 18 Nov 1999 08:31:36 -0700 (MST) From: David G Andersen <danderse@cs.utah.edu> To: bsd@a.servers.aozilla.com (Mr. K.) Cc: freebsd-security@FreeBSD.ORG Subject: Re: localhost.org Message-ID: <199911181531.IAA27035@faith.cs.utah.edu> In-Reply-To: <Pine.BSF.3.96.991118101159.958A-100000@inbox.org> from "Mr. K." at Nov 18, 99 10:13:58 am
next in thread | previous in thread | raw e-mail | index | archive | help
But why in the world do you have .org in your search path?
... it's like leaving "." in root's executable search path: just don't do
it. The only things in your nameserver search space should be domains you
trust, or obviously, people are going to be able to pull things like that.
-Dave
Lo and behold, Mr. K. once said:
>
> this is really bad... today when i got to my computer i noticed that
> mysql was broken. the message was "Can't connect to MySQL server on
> localhost". so after half an hour of debugging (and rebooting my server
> :(, bye uptime), I did a telnet localhost 3306 (the mysql port). lo and
> behold, I notice:
>
> # telnet localhost 3306
> Trying 208.211.134.100...
> telnet: Unable to connect to remote host: Connection refused
> # nslookup localhost
> Server: inbox.org
> Address: 0.0.0.0
>
> Non-authoritative answer:
> Name: localhost.org
> Address: 208.211.134.100
>
> ouch. time to reset all my passwords, as this bozo could have stolen them
> all. I don't know why this just started happening, unless the bozo just
> registered the domain name, which is why I'm sending along this warning to
> everyone on here.
>
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
>
--
work: dga@lcs.mit.edu me: dga@pobox.com
MIT Laboratory for Computer Science http://www.angio.net/
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199911181531.IAA27035>